diff --git a/docs/configuration/inbound/tun.md b/docs/configuration/inbound/tun.md
new file mode 100644
index 00000000..55a1e042
--- /dev/null
+++ b/docs/configuration/inbound/tun.md
@@ -0,0 +1,78 @@
+!!! error ""
+
+    Linux only
+
+### Structure
+
+```json
+{
+  "inbounds": [
+    {
+      "type": "tun",
+      "tag": "tun-in",
+      
+      "inet4_address": "172.19.0.1/30",
+      "inet6_address": "fdfe:dcba:9876::1/128",
+      "mtu": 1500,
+      "auto_route": true,
+      "hijack_dns": true,
+      
+      "sniff": true,
+      "sniff_override_destination": false,
+      "domain_strategy": "prefer_ipv4"
+    }
+  ]
+}
+```
+
+### Tun Fields
+
+#### inet4_address
+
+==Required==
+
+IPv4 prefix for the tun interface.
+
+#### inet6_address
+
+IPv6 prefix for the tun interface.
+
+#### mtu
+
+The maximum transmission unit.
+
+#### auto_route
+
+Set the default route to the Tun.
+
+!!! error ""
+
+    To avoid traffic loopback, set `route.auto_delect_interface` or `outbound.bind_interface`
+
+#### hijack_dns
+
+Hijack TCP/UDP DNS requests to the built-in DNS adapter.
+
+### Listen Fields
+
+#### sniff
+
+Enable sniffing.
+
+Reads domain names for routing, supports HTTP TLS for TCP, QUIC for UDP.
+
+This does not break zero copy, like splice.
+
+#### sniff_override_destination
+
+Override the connection destination address with the sniffed domain.
+
+If the domain name is invalid (like tor), this will not work.
+
+#### domain_strategy
+
+One of `prefer_ipv4` `prefer_ipv6` `ipv4_only` `ipv6_only`.
+
+If set, the requested domain name will be resolved to IP before routing.
+
+If `sniff_override_destination` is in effect, its value will be taken as a fallback.
\ No newline at end of file
diff --git a/docs/configuration/route/index.md b/docs/configuration/route/index.md
index 041d1d9d..ab234406 100644
--- a/docs/configuration/route/index.md
+++ b/docs/configuration/route/index.md
@@ -6,7 +6,8 @@
     "geoip": {},
     "geosite": {},
     "rules": [],
-    "final": ""
+    "final": "",
+    "auto_detect_interface": false
   }
 }
 ```
@@ -21,4 +22,14 @@
 
 #### final
 
-Default outbound tag. the first outbound will be used if empty.
\ No newline at end of file
+Default outbound tag. the first outbound will be used if empty.
+
+#### auto_detect_interface
+
+!!! error ""
+
+    Linux only
+
+Bind outbound connections to the default NIC by default to prevent routing loops under Tun.
+
+Takes no effect if `outbound.bind_interface` is set.
\ No newline at end of file
diff --git a/docs/examples/index.md b/docs/examples/index.md
index bb0f7d7d..859f2103 100644
--- a/docs/examples/index.md
+++ b/docs/examples/index.md
@@ -3,4 +3,5 @@
 Configuration examples for sing-box.
 
 * [Shadowsocks Server](./ss-server)
-* [Shadowsocks Client](./ss-client)
\ No newline at end of file
+* [Shadowsocks Client](./ss-client)
+* [Shadowsocks Tun](./ss-tun)
\ No newline at end of file
diff --git a/docs/examples/ss-tun.md b/docs/examples/ss-tun.md
new file mode 100644
index 00000000..7584995e
--- /dev/null
+++ b/docs/examples/ss-tun.md
@@ -0,0 +1,66 @@
+```json
+{
+  "dns": {
+    "servers": [
+      {
+        "tag": "google",
+        "address": "tls://8.8.8.8"
+      },
+      {
+        "tag": "local",
+        "address": "223.5.5.5",
+        "detour": "direct"
+      }
+    ],
+    "rules": [
+      {
+        "domain": "mydomain.com",
+        "geosite": "cn",
+        "server": "local"
+      }
+    ],
+    "strategy": "ipv4_only"
+  },
+  "inbounds": [
+    {
+      "type": "tun",
+      "inet4_address": "172.19.0.1/30",
+      "auto_route": true,
+      "hijack_dns": true,
+      "sniff": true
+    }
+  ],
+  "outbounds": [
+    {
+      "type": "shadowsocks",
+      "tag": "proxy",
+      "server": "mydomain.com",
+      "server_port": 8080,
+      "method": "2022-blake3-aes-128-gcm",
+      "password": "8JCsPssfgS8tiRwiMlhARg=="
+    },
+    {
+      "type": "direct",
+      "tag": "direct"
+    },
+    {
+      "type": "block",
+      "tag": "block"
+    }
+  ],
+  "route": {
+    "rules": [
+      {
+        "geosite": "category-ads-all",
+        "outbound": "block"
+      },
+      {
+        "geosite": "cn",
+        "geoip": "cn",
+        "outbound": "direct"
+      }
+    ],
+    "auto_detect_interface": true
+  }
+}
+```
\ No newline at end of file
diff --git a/mkdocs.yml b/mkdocs.yml
index de98a256..0433455c 100644
--- a/mkdocs.yml
+++ b/mkdocs.yml
@@ -40,6 +40,7 @@ nav:
           - DNS Rule: configuration/dns/rule.md
       - Inbound:
           - configuration/inbound/index.md
+          - Tun: configuration/inbound/tun.md
           - Direct: configuration/inbound/direct.md
           - Mixed: configuration/inbound/mixed.md
           - Socks: configuration/inbound/socks.md
@@ -61,6 +62,7 @@ nav:
       - examples/index.md
       - Shadowsocks Server: examples/ss-server.md
       - Shadowsocks Client: examples/ss-client.md
+      - Shadowsocks Tun: examples/ss-tun.md
   - Benchmark: benchmark.md
 markdown_extensions:
   - pymdownx.inlinehilite
diff --git a/option/route.go b/option/route.go
index f377e7dd..5cc9a682 100644
--- a/option/route.go
+++ b/option/route.go
@@ -69,7 +69,7 @@ func (r *Rule) UnmarshalJSON(bytes []byte) error {
 	}
 	var v any
 	switch r.Type {
-	case "":
+	case "", C.RuleTypeDefault:
 		r.Type = C.RuleTypeDefault
 		v = &r.DefaultOptions
 	case C.RuleTypeLogical: